CVE-2026-28299 PUBLISHED

SolarWinds Web Help Desk Denial-of-Service Vulnerability

Assigner: SolarWinds
Reserved: 26.02.2026 Published: 02.06.2026 Updated: 02.06.2026

SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash due to insufficient memory.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVSS Score: 8.2

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	SolarWinds
Product	Web Help Desk
Versions	Default: unaffected Version 2026.1 and all previous versions is affected

Solutions

SolarWinds recommends customers upgrade to the latest version as soon as is practical.

Credits

Tenable reporter

References

Problem Types

CWE-770 Allocation of Resources Without Limits or Throttling CWE

Impacts

CAPEC-130 Excessive Allocation